{
"type": "bundle",
"id": "bundle--6021536f-a808-4b9c-8136-d7460aba047c",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-11T11:00:12.000Z",
"modified": "2021-02-11T11:00:12.000Z",
"name": "CERT-FR_1510",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--6021536f-a808-4b9c-8136-d7460aba047c",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-11T11:00:12.000Z",
"modified": "2021-02-11T11:00:12.000Z",
"name": "[CERT-FR] Infrastructure d'attaque du groupe cybercriminel TA505",
"published": "2021-02-11T09:45:52Z",
"object_refs": [
"x-misp-attribute--8a948ce0-c2c8-4e2a-8c67-73757b48474f",
"indicator--87ca8c58-8696-4752-8b62-34c714be0ec0",
"indicator--be9d342e-4921-4e85-afd4-f8201e059fb0",
"indicator--040b18be-531c-4297-bb5b-a69595c36d96",
"indicator--e69552e9-3236-4222-9cd3-10b0fddaa6dc",
"indicator--b50dda3c-65d6-4ff3-97ef-1ea1e2cdfffc",
"indicator--9e7b230e-24c3-4cab-a4e4-7e4646f0f080",
"indicator--abb56917-cdb2-4b03-bebe-a6f59ff126ff",
"indicator--3b70dc09-21b1-4eb0-a928-cc5111f14d95",
"indicator--e944d50a-d898-42b4-a2b9-d4d8b2e1753b",
"indicator--a1c721c6-6f26-4145-a402-34c115b7a19b",
"indicator--b6267eb6-8a68-418b-bf0e-3eef8c759733",
"indicator--406df6c9-7eef-4e2f-a752-5c1de09e8dc7",
"indicator--cf8ea963-4fc6-49f6-b527-fa2369256ed0",
"indicator--45825169-fa00-4347-acd9-ce3b0b3373fc",
"indicator--8e7055a2-a143-4ee2-bc02-6395d2f5a5fa",
"indicator--a90b7ffe-659b-46dc-b65b-c04d677325c5",
"indicator--573d2e84-91f0-4146-96c1-5ce580b9aa70",
"indicator--354d0ab3-88c3-479b-8e20-b9aff14d42f8",
"indicator--1ffe4154-7123-43c8-9914-c36e5aa076e5",
"indicator--f9a1b32a-8919-41fe-91c9-51da8900a005",
"indicator--7164c0cf-1fa7-4484-b659-2903679186e3",
"indicator--4dc60509-682a-44e0-a4fc-3c7461e6dd57",
"indicator--33b81673-0741-4553-99b6-f96ebf796c67",
"indicator--b50afc63-83df-4712-be66-2bebed391e29",
"indicator--60514e79-296d-493e-b924-fcd68d2bbf05",
"indicator--33026849-2e8a-4dbd-8c2b-9b3d84140214",
"indicator--ab65bc08-32bf-44a5-8d74-72315fa643ab",
"indicator--f89233a1-20f2-4a3f-bc04-c1e90b988cb3",
"indicator--aeb40c17-e1dd-4fa8-9aa1-9183148ba5b3",
"indicator--e431439f-cba2-4ccb-988b-7dddb175502c",
"indicator--1e7256d7-3aff-4b3c-b653-d8c7673fe2c5",
"indicator--3e177ad5-6b94-4bc8-b772-4061d63d2c75",
"indicator--f2204f52-d094-4f88-b850-ef46031aca37",
"indicator--05c81d51-8984-4898-ae12-f8e9db99ad34",
"indicator--859590e6-313b-4b76-9e2a-a7653be3d90c",
"indicator--cb4ec068-2ce9-41cb-bb5d-441edb9f7958",
"indicator--b4e69725-e167-4a17-be0f-3e31750abd4f",
"indicator--1d90023f-6c6d-4caa-82f2-5f688c3aa6a9",
"indicator--ecb2b106-7ecb-4dcd-93e3-897043a7615c",
"indicator--eebfa6e4-0031-4d51-8a5d-5852164e2ebb",
"indicator--21a67340-19be-4865-891b-9444d4d69e35",
"indicator--d654f256-aa41-4b06-bf68-7db5284e0ee5",
"indicator--279ef0ba-e00e-48ae-a59c-3eb61d5113ec",
"indicator--79e1a58b-6406-4d53-9bd6-8f240837114f",
"indicator--a7e201bb-4a05-4f02-9fc4-839f103e97c3",
"indicator--a4713845-ac4b-4a78-875b-fdf1650fbbac",
"indicator--70db6701-037a-44b0-9c2f-fa393eecea11",
"indicator--3f51eb81-496f-48a1-b730-e8b3fa06cb92",
"indicator--c0072af5-6d80-430d-8b8e-1e4a60ef4132",
"indicator--319bfce4-1b0b-4256-b551-8146097d251d",
"indicator--270b486b-3e52-4199-8e74-c653e900d244",
"indicator--fee0967b-0a9f-4fa6-844b-5f7619cea2b7",
"indicator--d254c49f-3918-4f2d-a393-abf074d4a59f",
"indicator--bcb8878d-9773-48e8-b993-462e39940727",
"indicator--94c95735-a074-4364-a824-90e67cdcf381",
"indicator--a06f406e-7302-4666-b5b5-a92571a91095",
"indicator--0b3e2cc1-f287-47c0-b6f2-bfcfb6a1b033",
"indicator--5eb3340d-b602-40b0-8175-81398b88eafd",
"indicator--44de8360-a6b0-432c-87f4-512971037aaa",
"indicator--b3f1e177-e34d-49f1-a403-dffa7c6fa27e",
"indicator--45fd1f4b-1f20-4429-a746-d4c2348f64d0",
"indicator--924f20bd-8154-42c7-88cd-0dd0979bded1",
"indicator--c4843f3a-cd59-433c-b2ac-8f1b7c8100e1",
"indicator--403af9dc-5477-4d70-adea-fcd2304bac7a",
"indicator--4bad8ba3-5178-45a3-894f-3057f10538e8",
"indicator--9890c8b9-aaf7-41a3-a9e7-12b3b096470a",
"indicator--980c81f3-e780-4463-9731-cf83d355c25e",
"indicator--286437b7-a58f-4d9f-8101-c61a0a673b4a",
"indicator--96e25de7-fc29-4f29-a80b-ebb4b173c686",
"indicator--916ab6c2-c568-4efe-9c55-40c08049ecab",
"indicator--2915857f-b6b0-44c5-85fd-4a72b0771ec3",
"indicator--5162ae33-78d3-4112-8fbf-34d9d8b9b6b4",
"indicator--43ceaf6d-6d9e-4f44-a10c-ae650a513595",
"indicator--ea78b23d-0c6c-4bbd-b1b3-432d7e32c392",
"indicator--ada1b5cb-32a4-4b24-a60d-9372e55d1fd0",
"indicator--80319433-0eee-47f6-9bf4-fc600d13934b",
"indicator--327c1ba1-a381-490c-b82b-f78261d88b69",
"indicator--f6510191-8364-4e0a-ba79-cc5b98fb01d4",
"indicator--b8649d50-42e2-4da5-a3ba-bdbab35172a5",
"indicator--2c691f11-c9d4-498e-be07-0e368b402711",
"indicator--c7a8262c-8769-43ea-b680-9847df435fff",
"indicator--1310e8ee-5470-41f0-b261-25f8ef4b73cb",
"indicator--28a1cb04-3bd5-420a-8e93-10e458fdab67",
"indicator--c0eee752-ad8e-43a5-a5a6-05a203799ed5",
"indicator--3a7cf6b5-6505-4f06-876e-460234b4b1cd",
"indicator--049819a6-f515-418f-ae8b-0791e5c54471",
"indicator--77e9a166-859d-4c1d-bc9c-83050e512442",
"indicator--cb8b17a0-2a6b-43ac-ab2f-f424ae8106b3",
"indicator--9b309ece-8dff-4c12-a2b0-6a542b303ac2",
"indicator--c174c903-973c-412d-b0f1-db21420b80ef",
"indicator--ba5066f0-9af9-4a0d-b8fc-9a79ee999211",
"indicator--dc362b7a-0cd3-48b2-922a-7b3e77d99898",
"indicator--d1b245ab-8562-41d9-a398-96c2d4f1c19c",
"indicator--6b1f6594-f757-4b13-8c98-1f4d4f90d481",
"indicator--5bd69ccc-3aa4-467e-bf46-7a64114a55f2",
"indicator--491d00be-9d4f-4b56-b547-2ae7b2b5cac4",
"indicator--281bb75d-4489-44d4-890f-4bd1c740263e",
"indicator--ed326b90-395a-4634-a88f-6b7a2e5f02b4",
"indicator--849e5f07-f9fc-49c0-9cf8-6740ae8af400",
"indicator--e7147c71-3418-487b-8689-63b8db0d9575",
"indicator--e6f2b50b-ba16-473a-b1d7-26b7c0bd8a00",
"indicator--1a623117-9834-43be-af23-3fcdc65febe5",
"indicator--949748c2-a635-4260-992b-2e1d94b8f1dc",
"indicator--87c6dc36-162b-4fc4-a286-dff55b75d7c6",
"indicator--34a8f9cf-762c-41ba-b4c1-eac62708dd7f",
"indicator--73054c9d-c3ef-4de7-b339-128849ccc88d",
"indicator--1be46a93-b950-48fe-a42f-e2b8d904dc87",
"indicator--c78dbee1-520d-4e00-8439-261934be3fe5",
"indicator--b97f726a-2bfa-4736-b27b-17bf9d179724",
"indicator--8f666e9a-635d-49be-9e6b-8eaf5696fe1e",
"indicator--ab94efd4-6dba-4b43-8b46-cf4fd60a3e34",
"indicator--e38205e6-2b49-463d-af76-52d46f08472f",
"indicator--9893de46-6972-4e6e-8746-d07cda98bbac",
"indicator--877be12a-afb7-463f-935e-15bfa2aeae6c",
"indicator--38d6f0b3-8486-450b-87da-4dc8ea5b7534",
"indicator--2fd30988-e13a-4db8-8c8a-63aec004d62e",
"indicator--3d320cb1-66d2-4a71-a7c7-a94b4096555c",
"indicator--dc01f983-990a-41b0-a2c6-2a9b30852df5",
"indicator--26171675-e97c-4fd3-8b01-2b88538e71a9",
"indicator--6eaef210-9788-4f78-b55e-48bc2c6f2493",
"indicator--8f289f69-8528-454f-8729-302b1be01a46",
"indicator--7eccc282-19c3-4e3a-9f6a-c99c23d9ec42",
"indicator--9a36943e-1c3c-4efb-82e1-300f7f576a84",
"indicator--d8f34d4e-4679-401b-8863-4c7f6f74785f",
"indicator--4dc9420d-d2a8-46d5-83a2-0e71a28d5600",
"indicator--6a69044f-eb49-4aa3-8df8-c713f56a27e2",
"indicator--487f5f41-1573-4b4e-8b61-08dbc1b93cdf",
"indicator--b71f6526-bc1f-4c62-90cd-19ef086af15d",
"indicator--c06a0e3e-bb24-431f-894d-b9ab90812b6c",
"indicator--0d9ebc37-2db9-4e8b-a6b1-e4b0cd78da35",
"indicator--f272b94f-90fa-4271-9cf5-1f34c9b4b14a",
"indicator--110ad250-9355-4cfd-890d-aab17f9e4cd8",
"indicator--705a3929-f729-440c-82c8-4008b45b1978",
"indicator--077b4ce8-8666-4901-ad61-55e4a72c3bd4",
"indicator--27630fb5-2bdf-4e16-b3ba-962a2a79ec4c",
"indicator--2f7df412-29ea-48ed-a612-e986d82a4c66",
"indicator--3d7324ff-ae65-4a9d-96fe-bf852e55f78e",
"indicator--331c536d-b247-423d-9e31-b7ec3ad65a41",
"indicator--204eca70-db1f-4cd1-bc88-6bf76aa8495b",
"indicator--ab74549d-9606-4514-b09c-47d84ba60d7c",
"indicator--b8911d36-92c7-4237-9997-cfa9a3a7335f",
"indicator--7d5be3bb-da30-4d1b-89c5-190952432c2c",
"indicator--df4d978d-bbc3-4b95-a389-76c6bed52b25",
"indicator--0af623bf-90f4-415c-b358-dfe11818cda8",
"indicator--7444ed8f-5ded-458d-a788-2d638dbce8d7",
"indicator--5d6dd13d-6511-40a1-937e-75bee78d289c",
"indicator--1b0c2559-56ca-4ec7-8f55-5e2ad9c58641",
"indicator--201860f2-7dc8-4d03-a88b-3d1d6f1cd227",
"indicator--c722913f-7d69-4bbd-bb74-477cf1cedb39",
"indicator--6dbe7093-897b-469e-8fe0-e5087f7b2b44",
"indicator--eb0deaf2-cb08-467f-bbda-c55cfe0229a1",
"indicator--29a4b230-198c-4de7-a48d-73f3207e8ac9",
"indicator--afcb44db-90f9-4b10-a948-5083f3dc6507",
"indicator--4e93cfe7-da95-4da0-8a0c-9556e9a86887",
"indicator--71cddc3b-bab3-421d-990b-45229acd4a38",
"indicator--99263d59-3524-4cc7-9268-8465124f1acf",
"indicator--8b526e13-47fa-4d2d-8440-bf601732159c",
"indicator--aa4db960-0406-43a5-a54c-cf0c3e01665a",
"indicator--3ebdff6d-927e-4c9c-97f9-2f56c2a1568e",
"indicator--6963286b-36b0-48d0-81b0-16c87039a130",
"indicator--d93311b6-f012-4508-9c70-436df6b8964c",
"indicator--1085a4ab-feb5-421f-9bd5-24c688583bdb",
"indicator--563d856d-fe14-4290-9260-605bfe36ffb4",
"indicator--cea88c8f-bfb8-4b3b-89d8-83805098ad6b",
"indicator--216c02f3-b4fc-4ffd-80bf-0e82fcc6fa0f",
"indicator--78d42db3-607e-4006-bc86-23bee7045d98",
"indicator--1f945566-12c6-43eb-810a-060d20ec97c6",
"indicator--a09c2619-097f-474c-9c0d-66fec222ea95",
"indicator--d3e96fb1-0c38-4921-926b-3d52dd2f5749",
"indicator--746fb811-f903-4220-a178-1603c4e06aab",
"indicator--19cb2a93-7913-4294-b8fe-9b2121dbeb4a",
"indicator--1232088c-f161-4d2c-893f-95946936f8a4",
"indicator--f00a8fd2-441b-44b5-9ab9-59feb5c98a8b",
"indicator--66c2803c-2883-4602-a767-fa54567820cd",
"indicator--966576dd-109a-48e1-a808-b987391a2d64",
"indicator--3453ee9d-f3d5-4c2f-87a4-28a3a99d9e25",
"indicator--1014abb6-a9c0-48b3-b737-589397f750cb",
"indicator--c4577ed2-9020-49c2-af8a-4c4e2a61b7e6",
"indicator--13272437-840e-49d1-a29d-f48964afd06a",
"indicator--70ac9e39-34e0-44cd-b32f-274022fea697",
"indicator--a93888e2-a982-4054-acef-a41bf4ac56db",
"indicator--e4883120-f95b-49a7-9d9f-23e62ef1a850",
"indicator--ec60a434-a1b6-49e6-ac3d-959284ce5820",
"indicator--8c0e46ce-ad69-4fab-95ce-ae5e9a31f8b6",
"indicator--91d3a44a-b496-4131-8440-d8ba0d17c2e0",
"indicator--8d99b59c-7edf-455c-a65e-38289236a39f",
"indicator--8a0fd45c-bd77-42d8-a031-f2529e2b48bf",
"indicator--e508f088-22cf-4f96-a020-a284f9ffe403",
"indicator--a1381522-74d5-4416-aa07-d2b74bd15db7",
"indicator--d3059cb1-00d6-4b0a-98f9-32485920bdb2",
"indicator--20f9819d-19b6-4a70-a6c5-066aea3717ef",
"indicator--c5c300b9-a910-4621-a408-d369590b6648",
"indicator--f615e85c-d9c8-46c8-ae69-bca701ef793d",
"indicator--fbb185f3-908f-4595-8710-479d1bc974f7",
"indicator--de6b033b-b16c-4c6e-964d-80c88d2bd768",
"indicator--c71cdb20-f1bd-45b8-9482-745b7eb96e37",
"indicator--db3230d6-2a1a-42b8-a36c-000ba704f17c",
"indicator--ad75b6d3-a2ff-46d0-99cf-01f1e5b07cec",
"indicator--d7c6b9fb-59c6-435b-b074-793aadefa58c",
"indicator--adde785f-ae58-48eb-b7f7-a713495462da",
"indicator--c723c1df-2176-49af-815d-c06e8b3ebe25",
"indicator--40e6352b-05c6-4127-8f44-3ea93cb7ad7a",
"indicator--6008f4ff-590e-4d7e-b860-aabf07ca113f",
"indicator--135b3903-2ac7-4720-9b49-5df80547da32",
"indicator--f42f63bd-90bb-45b4-bdb2-91f1f87d1536",
"indicator--a1f4e0f9-63a6-4043-b5bb-7db43c279124",
"indicator--5ff94453-32df-4d5e-a823-aba6173dfe90",
"indicator--bb01deae-c853-475e-b41b-e32de66bd6a7",
"indicator--d5f54335-48fc-4232-b274-8907a18d992b",
"indicator--a8cbe746-b257-4303-9095-d134c234bad6",
"indicator--c3b293fa-433d-4cc5-a19c-2d94702d906b",
"indicator--583ba885-a198-4244-9672-7bc53506e304",
"indicator--37446d9d-77e2-4f93-9477-db61d49f0d26",
"indicator--825b9570-8f5b-48df-aa2d-0488a547c794",
"indicator--fcc71c9c-cb6e-487f-8618-7fe240393042",
"indicator--a3ef75e3-bfea-47dc-96a6-62655a5a661a",
"indicator--d7f314f6-a53a-493d-a2c6-cc8d77eebe39",
"indicator--efa9945c-5d17-4c4e-8c30-39e4b25c5549",
"indicator--84116ca4-7235-4145-a546-5f9c39f7c4e2",
"indicator--d2e94335-cd64-446d-aa2b-0e72836a9600",
"indicator--f6943d8c-bbd1-48f0-b097-c1ce12c30a53",
"indicator--97987d4c-9d64-4ca9-8391-f839f800de9a",
"indicator--d9f328fe-103b-4eee-bb47-70aae84ff8d0",
"indicator--3b5fd2c0-f5af-4535-b552-9aeee29d1775",
"indicator--50ae9894-2c2e-4b57-86df-cea9438d7d9e",
"indicator--b19eda69-c864-4348-ae04-feceeaf4961c",
"indicator--cc36580f-4e41-4310-baef-02b7eedb8c45",
"indicator--faf36a80-8e61-453b-91c7-71558cbb6118",
"indicator--9122a13b-feae-4100-9ee3-d85363d32a16",
"indicator--10a0afe6-5896-465a-8b78-8ac2a04f3e15",
"indicator--f17e23d8-5285-4d60-82aa-909b12dfd974",
"indicator--149e186a-40c4-4b2a-8e24-724a8dd42df3",
"indicator--9510d97b-f690-426b-8cb2-c2d2b924863d",
"indicator--6c315d59-c7de-45a5-b1ee-703ef2674867",
"indicator--58cd6b51-b2b4-409b-aae4-4bcb8a7e8c17",
"indicator--39f186e0-4438-4456-956a-1d3172287bf8",
"indicator--6b58b0d3-95b2-499b-a14f-a39342b38b00",
"indicator--c50d67d5-8d48-4376-ab2b-3b6f3981f545",
"indicator--891adab1-b306-48d7-a362-c4cef5186097",
"indicator--649dfe20-01e7-49cb-8995-dbb4491d430f",
"indicator--6d005320-243a-44eb-9e9b-d70775bff832",
"indicator--a323f941-3830-4413-9737-881ffc79f611",
"indicator--0f5be515-6bd4-4895-b50d-d84ec5ef56b7",
"indicator--8a0cd3e7-98ac-454c-b429-6cbd7db01fb2",
"indicator--c6829a70-e632-435c-afb7-5507b3fedb4c",
"indicator--7d341dea-7b91-4fae-970e-c3255f8efa72",
"indicator--100e31ae-42ce-462c-9e3a-e7d66051f37e",
"indicator--3202a22e-f278-4d3f-bc7b-ee1a71b1cc33",
"indicator--71ce0d9d-3dd9-41c7-8ab8-39275494c860",
"indicator--daeec3f2-387e-479d-b7d4-09138264a693",
"indicator--0440b2cd-1e54-4bd2-a934-a034f5d7de67",
"indicator--d97c9591-13f8-4d61-b73c-905ad3669f2d",
"indicator--71cea58c-54f5-4dae-ac79-ea2725814043",
"indicator--e0e5e230-ef8c-4397-b6d7-37dcc36b279f",
"indicator--a40dc30e-6595-48c8-99a3-6886b23356b2",
"indicator--39fb24ee-d9a7-461e-b7ec-3d817833ed8a",
"indicator--37f58b98-c27c-49f9-a0c4-759d1e44251d",
"indicator--d43d2035-0f4a-44f2-9b75-8993b78ee308",
"indicator--be5a47d5-2b24-4e7d-9ca7-d12a8903690a",
"indicator--dcb3339d-b618-4353-af77-038c43d1e1ee",
"indicator--63c710c3-7b13-4013-8dc4-5b3aca57bcea",
"indicator--7a56449e-d654-47fa-8003-c576309a2e6b",
"indicator--84bf56ed-c534-4deb-b273-0e08ed3a53f5",
"indicator--cfe96d33-cf8d-4f73-9371-69b732a40a3d",
"indicator--5c0125e0-1096-4eaa-a3d1-55b866214fd8",
"indicator--a2b502d5-5079-4d0b-b49d-920e4fdf85b2",
"indicator--4333b250-f703-477c-ad6f-6cc62d18619d",
"indicator--a0ea5c96-14ff-4d2e-8521-2cf364c197d3",
"indicator--eec88ef1-cd18-49fc-8f24-9f9603c5e2f7",
"indicator--69c790a7-f177-438f-bb55-0eceb45d73d6",
"indicator--a09fd416-189e-470c-9e0c-c5120c2fde33",
"indicator--f3c2487f-aa47-444c-a523-59c8c95dce2a",
"indicator--85453fae-ac42-4c8c-8b1e-64b7ca26865e",
"indicator--fae63b24-848a-4f96-963f-cf794b409cb0",
"indicator--6d1e5fe2-73b1-4f22-bbfd-55c1654ed15c",
"indicator--a5770437-5177-449e-82f4-1fe891c220fd",
"indicator--d990532b-103c-4e5e-aab5-7cf0aaf4ebc6",
"indicator--65178575-e540-481c-ada1-e4532812d607",
"indicator--152c5abd-c3e3-44ab-bdd9-d43f338e429b",
"indicator--a10f90de-97f2-4f83-a570-b2e893f9eacb",
"indicator--25bea186-6554-4572-a80f-73e0b81dd97b",
"indicator--aaac2105-b68c-4536-ba28-ccf4c618263d",
"indicator--ffef09f2-a3ea-447f-bfeb-b8c4a00e6d56",
"indicator--ac828bf9-7906-4ac9-a4a7-b7c5b2afe4d2",
"indicator--eb10b758-589d-459d-8363-02d5398f814a",
"indicator--20d58ef7-4499-47ca-96c6-feb8db38e166",
"indicator--479746a1-000e-4131-aa3a-2c1c832748e9",
"indicator--66673f6d-7d31-451c-8a8b-006eb1f10f4d",
"indicator--13fb01b4-1e24-496e-a187-1b89e4137ab5",
"indicator--32ea38ba-4a06-4a11-a534-47592f7ace54",
"indicator--7603e35e-59f8-4242-84d9-3bc87cc37aa0",
"indicator--fbb48f8f-6ce3-40cf-9dab-9483295e19d1",
"indicator--711c79f7-95db-4d80-995d-b6ef5aa1a20a",
"indicator--08da0d07-b91c-49fb-9c3d-4c9a646e04e8",
"indicator--6ad242d2-e7ac-4372-869e-65c3692361d0",
"indicator--fa660c7c-3cbf-4fb0-aec9-1eb4faa36469",
"indicator--c242ae7e-0a50-4442-8b00-5b7ee1d493cc",
"indicator--07c1a966-7237-4f8d-808d-78b1794b6be9",
"indicator--a176aa95-8fee-430e-b5fd-ece7b7776447",
"indicator--9306bc9d-4e12-4b74-a173-b03260ff806a",
"indicator--3babba64-d7d8-439c-9b06-76ba067373ce",
"indicator--322d3a5e-505c-4180-a892-4f191275dd44",
"indicator--aa4a79db-1fad-4142-ae37-b9313b6abdfc"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"fr-classif:non-classifiees=\"NON-CLASSIFIEES\"",
"cossi:TLP=\"white\"",
"cossi:RechercheSourceOuverte=\"Autorisee\"",
"cossi:fiabilite=\"Bonne\"",
"misp-galaxy:threat-actor=\"FIN11\"",
"misp-galaxy:threat-actor=\"TA505\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--8a948ce0-c2c8-4e2a-8c67-73757b48474f",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Other\"",
"misp:to_ids=\"True\"",
"DescriptionTechnique"
],
"x_misp_category": "Other",
"x_misp_type": "comment",
"x_misp_value": "R\u00e9sultats de l'investigation sur l'infrastructure d'attaque de TA505"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--87ca8c58-8696-4752-8b62-34c714be0ec0",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "SDBbot C2 server [2020-11-29:]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '135.181.97.81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--be9d342e-4921-4e85-afd4-f8201e059fb0",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "SDBbot C2 server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '158.255.208.148']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--040b18be-531c-4297-bb5b-a69595c36d96",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "SDBbot C2 server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '158.255.208.168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e69552e9-3236-4222-9cd3-10b0fddaa6dc",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2019-07-31:2019-07-31]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b50dda3c-65d6-4ff3-97ef-1ea1e2cdfffc",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "CobaltStrike C2 server potentially linked to TA505 activity [2019-07-17:2019-08-06]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.132']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9e7b230e-24c3-4cab-a4e4-7e4646f0f080",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "CobaltStrike C2 server potentially linked to TA505 activity [2020-09-20:2021-02-04]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.140']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--abb56917-cdb2-4b03-bebe-a6f59ff126ff",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2019-09-23:2019-10-01]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3b70dc09-21b1-4eb0-a928-cc5111f14d95",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server linked to TA505 activity [2020-03-06:2020-12-20]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.175']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e944d50a-d898-42b4-a2b9-d4d8b2e1753b",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2020-03-11:2020-11-13], CobaltStrike C2 server potentially linked to TA505 activity [2020-03-13:2020-11-08]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1c721c6-6f26-4145-a402-34c115b7a19b",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "CobaltStrike C2 server potentially linked to TA505 activity [2020-11-23:2020-11-26]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b6267eb6-8a68-418b-bf0e-3eef8c759733",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2020-03-09:2020-05-16]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.199']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--406df6c9-7eef-4e2f-a752-5c1de09e8dc7",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2020-04-12:2020-09-05]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.208']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cf8ea963-4fc6-49f6-b527-fa2369256ed0",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2020-03-10:2020-12-22], CobaltStrike C2 server potentially linked to TA505 activity [2020-10-07:2020-10-07]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--45825169-fa00-4347-acd9-ce3b0b3373fc",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "CobaltStrike C2 server potentially linked to TA505 activity [2020-05-08:2020-05-08]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8e7055a2-a143-4ee2-bc02-6395d2f5a5fa",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "CobaltStrike C2 server potentially linked to TA505 activity [2020-08-22:2021-01-31]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a90b7ffe-659b-46dc-b65b-c04d677325c5",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "CobaltStrike C2 server potentially linked to TA505 activity [2020-07-28:2020-08-06]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.231']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--573d2e84-91f0-4146-96c1-5ce580b9aa70",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2020-10-09:2021-01-15]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--354d0ab3-88c3-479b-8e20-b9aff14d42f8",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2020-11-05:2020-11-27]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1ffe4154-7123-43c8-9914-c36e5aa076e5",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2021-01-06:2021-01-14]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.235']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f9a1b32a-8919-41fe-91c9-51da8900a005",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "CobaltStrike C2 server potentially linked to TA505 activity [2020-08-19:2020-09-10], Metasploit C2 server potentially linked to TA505 activity [2020-03-21:2020-03-21]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.237']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7164c0cf-1fa7-4484-b659-2903679186e3",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server linked to TA505 activity [2020-06-03:2020-12-16]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.238']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4dc60509-682a-44e0-a4fc-3c7461e6dd57",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2020-03-21:2020-12-18]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.241']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--33b81673-0741-4553-99b6-f96ebf796c67",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "CobaltStrike C2 server potentially linked to TA505 activity [2020-10-06:2021-01-09]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b50afc63-83df-4712-be66-2bebed391e29",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "CobaltStrike C2 server potentially linked to TA505 activity [2020-10-25:2021-01-30]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.121.14.251']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--60514e79-296d-493e-b924-fcd68d2bbf05",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "SDBbot C2 server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.17.121.188']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--33026849-2e8a-4dbd-8c2b-9b3d84140214",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2019-10-07:2020-02-01]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.124.13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ab65bc08-32bf-44a5-8d74-72315fa643ab",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2019-08-14:2019-10-15]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.124.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f89233a1-20f2-4a3f-bc04-c1e90b988cb3",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server linked to TA505 activity [2019-09-11:2020-02-07]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.124.20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--aeb40c17-e1dd-4fa8-9aa1-9183148ba5b3",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2019-10-04:2019-10-24]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.124.22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e431439f-cba2-4ccb-988b-7dddb175502c",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server linked to TA505 activity [2019-12-19:2020-02-05]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.124.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1e7256d7-3aff-4b3c-b653-d8c7673fe2c5",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2019-08-10:2019-11-03]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.124.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3e177ad5-6b94-4bc8-b772-4061d63d2c75",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server linked to TA505 activity [2019-07-31:2020-02-03]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.124.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f2204f52-d094-4f88-b850-ef46031aca37",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2019-09-03:2019-10-30]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.124.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--05c81d51-8984-4898-ae12-f8e9db99ad34",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2019-08-04:2020-01-10]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.124.54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--859590e6-313b-4b76-9e2a-a7653be3d90c",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server potentially linked to TA505 activity [2020-01-29:2020-02-25]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.124.57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cb4ec068-2ce9-41cb-bb5d-441edb9f7958",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Metasploit C2 server linked to TA505 activity [2019-11-13:2020-01-15], CobaltStrike C2 server potentially linked to TA505 activity [2019-12-21:2020-01-23]",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.214.124.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b4e69725-e167-4a17-be0f-3e31750abd4f",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "SDBbot C2 server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.38.135.217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1d90023f-6c6d-4caa-82f2-5f688c3aa6a9",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'alpha-telemetry-microsoft.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ecb2b106-7ecb-4dcd-93e3-897043a7615c",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'att-download.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eebfa6e4-0031-4d51-8a5d-5852164e2ebb",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "SDBbot C2 server",
"pattern": "[domain-name:value = 'auxin-box.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--21a67340-19be-4865-891b-9444d4d69e35",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'backup-place.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d654f256-aa41-4b06-bf68-7db5284e0ee5",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'bak-home.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--279ef0ba-e00e-48ae-a59c-3eb61d5113ec",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'bak0-store.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--79e1a58b-6406-4d53-9bd6-8f240837114f",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'band-switch.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a7e201bb-4a05-4f02-9fc4-839f103e97c3",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'box-cdn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a4713845-ac4b-4a78-875b-fdf1650fbbac",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'box-cnd.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--70db6701-037a-44b0-9c2f-fa393eecea11",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'box-en-au.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3f51eb81-496f-48a1-b730-e8b3fa06cb92",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'box-en.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c0072af5-6d80-430d-8b8e-1e4a60ef4132",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'boxfiles-en.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--319bfce4-1b0b-4256-b551-8146097d251d",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:26.000Z",
"modified": "2021-02-08T15:06:26.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'boxrcdn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--270b486b-3e52-4199-8e74-c653e900d244",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:26.000Z",
|
||
|
"modified": "2021-02-08T15:06:26.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'cdn-box.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--fee0967b-0a9f-4fa6-844b-5f7619cea2b7",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:26.000Z",
|
||
|
"modified": "2021-02-08T15:06:26.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'cdn-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d254c49f-3918-4f2d-a393-abf074d4a59f",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:26.000Z",
|
||
|
"modified": "2021-02-08T15:06:26.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'cdn-onedrive-live.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bcb8878d-9773-48e8-b993-462e39940727",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'clients-share.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--94c95735-a074-4364-a824-90e67cdcf381",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'clietns-download.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a06f406e-7302-4666-b5b5-a92571a91095",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'cloud-store-cdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0b3e2cc1-f287-47c0-b6f2-bfcfb6a1b033",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'clouds-cdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5eb3340d-b602-40b0-8175-81398b88eafd",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'clouds-doanload-cnd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--44de8360-a6b0-432c-87f4-512971037aaa",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'clouds-share.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b3f1e177-e34d-49f1-a403-dffa7c6fa27e",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'corp-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--45fd1f4b-1f20-4429-a746-d4c2348f64d0",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'corp-storage.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--924f20bd-8154-42c7-88cd-0dd0979bded1",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'data-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c4843f3a-cd59-433c-b2ac-8f1b7c8100e1",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'daumcdnf.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--403af9dc-5477-4d70-adea-fcd2304bac7a",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'daumcdnr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--4bad8ba3-5178-45a3-894f-3057f10538e8",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'daumcdns.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9890c8b9-aaf7-41a3-a9e7-12b3b096470a",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'def-update.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--980c81f3-e780-4463-9731-cf83d355c25e",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'definite-limits.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--286437b7-a58f-4d9f-8101-c61a0a673b4a",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'digitals-space.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--96e25de7-fc29-4f29-a80b-ebb4b173c686",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'direct-share.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--916ab6c2-c568-4efe-9c55-40c08049ecab",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'direct-space.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2915857f-b6b0-44c5-85fd-4a72b0771ec3",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'direct-upt.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5162ae33-78d3-4112-8fbf-34d9d8b9b6b4",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dl-icloud.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--43ceaf6d-6d9e-4f44-a10c-ae650a513595",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dl-sharefile.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ea78b23d-0c6c-4bbd-b1b3-432d7e32c392",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dl-sync.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ada1b5cb-32a4-4b24-a60d-9372e55d1fd0",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'docs-downloading.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--80319433-0eee-47f6-9bf4-fc600d13934b",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'download-cdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--327c1ba1-a381-490c-b82b-f78261d88b69",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'download-shares.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f6510191-8364-4e0a-ba79-cc5b98fb01d4",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'downloads-links.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b8649d50-42e2-4da5-a3ba-bdbab35172a5",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'drm-google-analtyic.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2c691f11-c9d4-498e-be07-0e368b402711",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'drm-server-booking.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c7a8262c-8769-43ea-b680-9847df435fff",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'drm-server13-login-microsoftonline.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1310e8ee-5470-41f0-b261-25f8ef4b73cb",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropbox-cdnn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--28a1cb04-3bd5-420a-8e93-10e458fdab67",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropbox-cdns.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c0eee752-ad8e-43a5-a5a6-05a203799ed5",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropbox-cdnt.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3a7cf6b5-6505-4f06-876e-460234b4b1cd",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropbox-cnd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--049819a6-f515-418f-ae8b-0791e5c54471",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropbox-download-eu.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--77e9a166-859d-4c1d-bc9c-83050e512442",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropbox-download.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--cb8b17a0-2a6b-43ac-ab2f-f424ae8106b3",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropbox-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9b309ece-8dff-4c12-a2b0-6a542b303ac2",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropbox-er.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c174c903-973c-412d-b0f1-db21420b80ef",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropbox-eu.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ba5066f0-9af9-4a0d-b8fc-9a79ee999211",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropbox-sdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--dc362b7a-0cd3-48b2-922a-7b3e77d99898",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropboxccdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d1b245ab-8562-41d9-a398-96c2d4f1c19c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropboxrcdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6b1f6594-f757-4b13-8c98-1f4d4f90d481",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropboxscdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5bd69ccc-3aa4-467e-bf46-7a64114a55f2",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dropboxwcdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--491d00be-9d4f-4b56-b547-2ae7b2b5cac4",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'dyn-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--281bb75d-4489-44d4-890f-4bd1c740263e",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'dysoool.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ed326b90-395a-4634-a88f-6b7a2e5f02b4",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'egnytefs.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--849e5f07-f9fc-49c0-9cf8-6740ae8af400",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'eu-download.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e7147c71-3418-487b-8689-63b8db0d9575",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'eu-global-online.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e6f2b50b-ba16-473a-b1d7-26b7c0bd8a00",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'eu-global.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1a623117-9834-43be-af23-3fcdc65febe5",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'ex-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--949748c2-a635-4260-992b-2e1d94b8f1dc",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'ex-stores.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--87c6dc36-162b-4fc4-a286-dff55b75d7c6",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'facebook-drm-server3.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--34a8f9cf-762c-41ba-b4c1-eac62708dd7f",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'fast-bits.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--73054c9d-c3ef-4de7-b339-128849ccc88d",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'fast-gl-backups.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1be46a93-b950-48fe-a42f-e2b8d904dc87",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'fasts-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c78dbee1-520d-4e00-8439-261934be3fe5",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'file-shares.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b97f726a-2bfa-4736-b27b-17bf9d179724",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'files-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8f666e9a-635d-49be-9e6b-8eaf5696fe1e",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'fileshare-cdns.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ab94efd4-6dba-4b43-8b46-cf4fd60a3e34",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'fileshare-cnd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e38205e6-2b49-463d-af76-52d46f08472f",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'fileshare-storage.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9893de46-6972-4e6e-8746-d07cda98bbac",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'filesharess.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--877be12a-afb7-463f-935e-15bfa2aeae6c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'filessz.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--38d6f0b3-8486-450b-87da-4dc8ea5b7534",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'first-destin.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2fd30988-e13a-4db8-8c8a-63aec004d62e",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'fosdommtoi.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3d320cb1-66d2-4a71-a7c7-a94b4096555c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'general-lcfd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--dc01f983-990a-41b0-a2c6-2a9b30852df5",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'geo-st-microsoft.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--26171675-e97c-4fd3-8b01-2b88538e71a9",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'get-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6eaef210-9788-4f78-b55e-48bc2c6f2493",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'get-hlinks.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8f289f69-8528-454f-8729-302b1be01a46",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'getlink-service.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7eccc282-19c3-4e3a-9f6a-c99c23d9ec42",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'global-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9a36943e-1c3c-4efb-82e1-300f7f576a84",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'global-logic-stl.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d8f34d4e-4679-401b-8863-4c7f6f74785f",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'glr-ltd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--4dc9420d-d2a8-46d5-83a2-0e71a28d5600",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'going-tr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6a69044f-eb49-4aa3-8df8-c713f56a27e2",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'google-eu-cdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--487f5f41-1573-4b4e-8b61-08dbc1b93cdf",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'google-us-cdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b71f6526-bc1f-4c62-90cd-19ef086af15d",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'googledrive-download.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c06a0e3e-bb24-431f-894d-b9ab90812b6c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'googledrive-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0d9ebc37-2db9-4e8b-a6b1-e4b0cd78da35",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'googledrive-eu.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f272b94f-90fa-4271-9cf5-1f34c9b4b14a",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'googledrive-gb.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--110ad250-9355-4cfd-890d-aab17f9e4cd8",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'groms-dat.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--705a3929-f729-440c-82c8-4008b45b1978",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'home-storages.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--077b4ce8-8666-4901-ad61-55e4a72c3bd4",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'i-sharecloud.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--27630fb5-2bdf-4e16-b3ba-962a2a79ec4c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'int-download.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--2f7df412-29ea-48ed-a612-e986d82a4c66",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'integer-ms-home.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3d7324ff-ae65-4a9d-96fe-bf852e55f78e",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'into-box.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--331c536d-b247-423d-9e31-b7ec3ad65a41",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'jp-microsoft-store.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--204eca70-db1f-4cd1-bc88-6bf76aa8495b",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'limo-ones.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ab74549d-9606-4514-b09c-47d84ba60d7c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'live-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b8911d36-92c7-4237-9997-cfa9a3a7335f",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'live-msr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7d5be3bb-da30-4d1b-89c5-190952432c2c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'local-download.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--df4d978d-bbc3-4b95-a389-76c6bed52b25",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'long-space.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0af623bf-90f4-415c-b358-dfe11818cda8",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'main-boost.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7444ed8f-5ded-458d-a788-2d638dbce8d7",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'mainten-ferrum.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5d6dd13d-6511-40a1-937e-75bee78d289c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'mays-ltd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1b0c2559-56ca-4ec7-8f55-5e2ad9c58641",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'md-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--201860f2-7dc8-4d03-a88b-3d1d6f1cd227",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'mgrs-service.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c722913f-7d69-4bbd-bb74-477cf1cedb39",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'microsoft-cnd-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6dbe7093-897b-469e-8fe0-e5087f7b2b44",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'microsoft-cnd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--eb0deaf2-cb08-467f-bbda-c55cfe0229a1",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'microsoft-debug-098.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--29a4b230-198c-4de7-a48d-73f3207e8ac9",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'microsoft-home-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--afcb44db-90f9-4b10-a948-5083f3dc6507",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'microsoft-hub-us.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--4e93cfe7-da95-4da0-8a0c-9556e9a86887",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'microsoft-live-us.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--71cddc3b-bab3-421d-990b-45229acd4a38",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'microsoft-online-en-us.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--99263d59-3524-4cc7-9268-8465124f1acf",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'microsoft-sback-server.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8b526e13-47fa-4d2d-8440-bf601732159c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'microsoft-store-drm-server.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--aa4db960-0406-43a5-a54c-cf0c3e01665a",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'microsoft-store-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3ebdff6d-927e-4c9c-97f9-2f56c2a1568e",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'microsoft-ware.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6963286b-36b0-48d0-81b0-16c87039a130",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'mira-store.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d93311b6-f012-4508-9c70-436df6b8964c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'mop-shere.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1085a4ab-feb5-421f-9bd5-24c688583bdb",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'ms-break.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--563d856d-fe14-4290-9260-605bfe36ffb4",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'ms-debug-services.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--cea88c8f-bfb8-4b3b-89d8-83805098ad6b",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'ms-downloading.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--216c02f3-b4fc-4ffd-80bf-0e82fcc6fa0f",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'ms-en-microsoft.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--78d42db3-607e-4006-bc86-23bee7045d98",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'ms-global-store.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1f945566-12c6-43eb-810a-060d20ec97c6",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'ms-home-live.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a09c2619-097f-474c-9c0d-66fec222ea95",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'ms-home-store.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d3e96fb1-0c38-4921-926b-3d52dd2f5749",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'ms-pipes-service.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--746fb811-f903-4220-a178-1603c4e06aab",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'ms-rdt.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--19cb2a93-7913-4294-b8fe-9b2121dbeb4a",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'ms-upgrades.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1232088c-f161-4d2c-893f-95946936f8a4",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'mslinks-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f00a8fd2-441b-44b5-9ab9-59feb5c98a8b",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'msonebox.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--66c2803c-2883-4602-a767-fa54567820cd",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'music-server11-facebook.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--966576dd-109a-48e1-a808-b987391a2d64",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'music-server17-facebook.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3453ee9d-f3d5-4c2f-87a4-28a3a99d9e25",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'near-back.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--1014abb6-a9c0-48b3-b737-589397f750cb",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'near-fast.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c4577ed2-9020-49c2-af8a-4c4e2a61b7e6",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'nellscorp.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--13272437-840e-49d1-a29d-f48964afd06a",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'nels-ltd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--70ac9e39-34e0-44cd-b32f-274022fea697",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'news-37876-mshome.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a93888e2-a982-4054-acef-a41bf4ac56db",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'news-389767-mshome.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e4883120-f95b-49a7-9d9f-23e62ef1a850",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'news-server-drm-google.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ec60a434-a1b6-49e6-ac3d-959284ce5820",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 'news-server17-yahoo.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8c0e46ce-ad69-4fab-95ce-ae5e9a31f8b6",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'nffsd-corp.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--91d3a44a-b496-4131-8440-d8ba0d17c2e0",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'none-class.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8d99b59c-7edf-455c-a65e-38289236a39f",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'office-en-service.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8a0fd45c-bd77-42d8-a031-f2529e2b48bf",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'office-teml-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e508f088-22cf-4f96-a020-a284f9ffe403",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:27.000Z",
|
||
|
"modified": "2021-02-08T15:06:27.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'office365-en-gb.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a1381522-74d5-4416-aa07-d2b74bd15db7",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'office365-eu-update.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d3059cb1-00d6-4b0a-98f9-32485920bdb2",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'office365-update-en-gb.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--20f9819d-19b6-4a70-a6c5-066aea3717ef",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'office365-update-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c5c300b9-a910-4621-a408-d369590b6648",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'office365-update-eu.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f615e85c-d9c8-46c8-ae69-bca701ef793d",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'office365-us-update.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--fbb185f3-908f-4595-8710-479d1bc974f7",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'one-drive-ms.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--de6b033b-b16c-4c6e-964d-80c88d2bd768",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'one-drive-storage.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c71cdb20-f1bd-45b8-9482-745b7eb96e37",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'one-drives.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--db3230d6-2a1a-42b8-a36c-000ba704f17c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-cdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ad75b6d3-a2ff-46d0-99cf-01f1e5b07cec",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-download-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d7c6b9fb-59c6-435b-b074-793aadefa58c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-download.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--adde785f-ae58-48eb-b7f7-a713495462da",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-en-eu.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c723c1df-2176-49af-815d-c06e8b3ebe25",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-en-live.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--40e6352b-05c6-4127-8f44-3ea93cb7ad7a",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6008f4ff-590e-4d7e-b860-aabf07ca113f",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-eu.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--135b3903-2ac7-4720-9b49-5df80547da32",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-fn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f42f63bd-90bb-45b4-bdb2-91f1f87d1536",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-live-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a1f4e0f9-63a6-4043-b5bb-7db43c279124",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-sd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5ff94453-32df-4d5e-a823-aba6173dfe90",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-sdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bb01deae-c853-475e-b41b-e32de66bd6a7",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-sn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d5f54335-48fc-4232-b274-8907a18d992b",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrive-us-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a8cbe746-b257-4303-9095-d134c234bad6",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onedrives-en-live.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c3b293fa-433d-4cc5-a19c-2d94702d906b",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onehub-cdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--583ba885-a198-4244-9672-7bc53506e304",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onehub-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--37446d9d-77e2-4f93-9477-db61d49f0d26",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'onesdrives.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--825b9570-8f5b-48df-aa2d-0488a547c794",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'online-office365.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--fcc71c9c-cb6e-487f-8618-7fe240393042",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'onms-home.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a3ef75e3-bfea-47dc-96a6-62655a5a661a",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'own-eu-cloud.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d7f314f6-a53a-493d-a2c6-cc8d77eebe39",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'owncloud-cdn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--efa9945c-5d17-4c4e-8c30-39e4b25c5549",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'personal-dss.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--84116ca4-7235-4145-a546-5f9c39f7c4e2",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'pssd-ltdgroup.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d2e94335-cd64-446d-aa2b-0e72836a9600",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'rapid-stores.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f6943d8c-bbd1-48f0-b097-c1ce12c30a53",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'rdmsom.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--97987d4c-9d64-4ca9-8391-f839f800de9a",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'res-backup.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--d9f328fe-103b-4eee-bb47-70aae84ff8d0",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'reselling-corp.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3b5fd2c0-f5af-4535-b552-9aeee29d1775",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'river-store.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--50ae9894-2c2e-4b57-86df-cea9438d7d9e",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'rmt-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--b19eda69-c864-4348-ae04-feceeaf4961c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 's3-ap-southeast-1-amazonaws.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--cc36580f-4e41-4310-baef-02b7eedb8c45",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 's3-ap-southeast-2-amazonaws.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--faf36a80-8e61-453b-91c7-71558cbb6118",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 's77657453-onedrive.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9122a13b-feae-4100-9ee3-d85363d32a16",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "SDBbot C2 server",
|
||
|
"pattern": "[domain-name:value = 's89065339-onedrive.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--10a0afe6-5896-465a-8b78-8ac2a04f3e15",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'sdff-corp.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f17e23d8-5285-4d60-82aa-909b12dfd974",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'see-back.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--149e186a-40c4-4b2a-8e24-724a8dd42df3",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'selling-group.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--9510d97b-f690-426b-8cb2-c2d2b924863d",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'share-clouds.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6c315d59-c7de-45a5-b1ee-703ef2674867",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'share-downloading.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58cd6b51-b2b4-409b-aae4-4bcb8a7e8c17",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'share-stores.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--39f186e0-4438-4456-956a-1d3172287bf8",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'shared-cnd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6b58b0d3-95b2-499b-a14f-a39342b38b00",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'shared-download.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c50d67d5-8d48-4376-ab2b-3b6f3981f545",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'shared-downloads.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--891adab1-b306-48d7-a362-c4cef5186097",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'shared-filez.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--649dfe20-01e7-49cb-8995-dbb4491d430f",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'sharefile-cnd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6d005320-243a-44eb-9e9b-d70775bff832",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'sharefile-us.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--a323f941-3830-4413-9737-881ffc79f611",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'sharefiles-download.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0f5be515-6bd4-4895-b50d-d84ec5ef56b7",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'sharefiles-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--8a0cd3e7-98ac-454c-b429-6cbd7db01fb2",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'sharefiles-eu.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c6829a70-e632-435c-afb7-5507b3fedb4c",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'sharefileszz.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--7d341dea-7b91-4fae-970e-c3255f8efa72",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'shares-cdns.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--100e31ae-42ce-462c-9e3a-e7d66051f37e",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'shares-cloud.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--3202a22e-f278-4d3f-bc7b-ee1a71b1cc33",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'sharespoint-en.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--71ce0d9d-3dd9-41c7-8ab8-39275494c860",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'short-share.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--daeec3f2-387e-479d-b7d4-09138264a693",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Phishing server",
|
||
|
"pattern": "[domain-name:value = 'shortcut-links.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--0440b2cd-1e54-4bd2-a934-a034f5d7de67",
|
||
|
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
|
||
|
"created": "2021-02-08T15:06:28.000Z",
|
||
|
"modified": "2021-02-08T15:06:28.000Z",
|
||
|
"description": "Get2 C2 server",
|
||
|
"pattern": "[domain-name:value = 'shr-links.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2021-02-08T15:06:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d97c9591-13f8-4d61-b73c-905ad3669f2d",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'siron-del.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--71cea58c-54f5-4dae-ac79-ea2725814043",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'sl-downloads.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0e5e230-ef8c-4397-b6d7-37dcc36b279f",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'stat-downloads.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a40dc30e-6595-48c8-99a3-6886b23356b2",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'static-downloads.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--39fb24ee-d9a7-461e-b7ec-3d817833ed8a",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "SDBbot C2 server",
"pattern": "[domain-name:value = 'static-google-analtyic.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--37f58b98-c27c-49f9-a0c4-759d1e44251d",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "SDBbot C2 server",
"pattern": "[domain-name:value = 'store-000846-live.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d43d2035-0f4a-44f2-9b75-8993b78ee308",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "SDBbot C2 server",
"pattern": "[domain-name:value = 'store-003774-live.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--be5a47d5-2b24-4e7d-9ca7-d12a8903690a",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'store-downloads.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dcb3339d-b618-4353-af77-038c43d1e1ee",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'store-in-box.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--63c710c3-7b13-4013-8dc4-5b3aca57bcea",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'stt-box.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7a56449e-d654-47fa-8003-c576309a2e6b",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'studio-stlsdr.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--84bf56ed-c534-4deb-b273-0e08ed3a53f5",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'sync-share.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cfe96d33-cf8d-4f73-9371-69b732a40a3d",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'syncdownload.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c0125e0-1096-4eaa-a3d1-55b866214fd8",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'syncdownloading.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a2b502d5-5079-4d0b-b49d-920e4fdf85b2",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'tnrff-home.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4333b250-f703-477c-ad6f-6cc62d18619d",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'toppon-studio.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a0ea5c96-14ff-4d2e-8521-2cf364c197d3",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'transff-reddon.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eec88ef1-cd18-49fc-8f24-9f9603c5e2f7",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'tremd-space.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--69c790a7-f177-438f-bb55-0eceb45d73d6",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'update-ms-en-office365.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a09fd416-189e-470c-9e0c-c5120c2fde33",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'update-msoffice365.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f3c2487f-aa47-444c-a523-59c8c95dce2a",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'update365-office-ens.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--85453fae-ac42-4c8c-8b1e-64b7ca26865e",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'upgrade-ms-home.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fae63b24-848a-4f96-963f-cf794b409cb0",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'url-space.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6d1e5fe2-73b1-4f22-bbfd-55c1654ed15c",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "SDBbot C2 server",
"pattern": "[domain-name:value = 'us-microsoft-store.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a5770437-5177-449e-82f4-1fe891c220fd",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'usr-telemetry-microsoft.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d990532b-103c-4e5e-aab5-7cf0aaf4ebc6",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'west-dat.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--65178575-e540-481c-ada1-e4532812d607",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-afx-update.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--152c5abd-c3e3-44ab-bdd9-d43f338e429b",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-appstore-en.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a10f90de-97f2-4f83-a570-b2e893f9eacb",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-avs-update.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--25bea186-6554-4572-a80f-73e0b81dd97b",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Phishing server",
"pattern": "[domain-name:value = 'windows-cnd-update.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--aaac2105-b68c-4536-ba28-ccf4c618263d",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-dev-sec.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ffef09f2-a3ea-447f-bfeb-b8c4a00e6d56",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-en-us-update.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ac828bf9-7906-4ac9-a4a7-b7c5b2afe4d2",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-fsd-update.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb10b758-589d-459d-8363-02d5398f814a",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-me-update.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--20d58ef7-4499-47ca-96c6-feb8db38e166",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-msd-update.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--479746a1-000e-4131-aa3a-2c1c832748e9",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-office365.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--66673f6d-7d31-451c-8a8b-006eb1f10f4d",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-se-update.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--13fb01b4-1e24-496e-a187-1b89e4137ab5",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-service-en.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--32ea38ba-4a06-4a11-a534-47592f7ace54",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-service-us.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7603e35e-59f8-4242-84d9-3bc87cc37aa0",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-several-update.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fbb48f8f-6ce3-40cf-9dab-9483295e19d1",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-sys-update.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--711c79f7-95db-4d80-995d-b6ef5aa1a20a",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-update-02-en.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--08da0d07-b91c-49fb-9c3d-4c9a646e04e8",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-update-sdbt.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6ad242d2-e7ac-4372-869e-65c3692361d0",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-update-sdfw.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fa660c7c-3cbf-4fb0-aec9-1eb4faa36469",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-update-sys.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c242ae7e-0a50-4442-8b00-5b7ee1d493cc",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-upgrade-en.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--07c1a966-7237-4f8d-808d-78b1794b6be9",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-wsus-en.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a176aa95-8fee-430e-b5fd-ece7b7776447",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'windows-wsus-update.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9306bc9d-4e12-4b74-a173-b03260ff806a",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'wire-share.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3babba64-d7d8-439c-9b06-76ba067373ce",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'wpad-home.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--322d3a5e-505c-4180-a892-4f191275dd44",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "Get2 C2 server",
"pattern": "[domain-name:value = 'xbox-en-cnd.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--aa4a79db-1fad-4142-ae37-b9313b6abdfc",
"created_by_ref": "identity--56bdf779-46f8-4353-bdf9-2bb95bce2212",
"created": "2021-02-08T15:06:28.000Z",
"modified": "2021-02-08T15:06:28.000Z",
"description": "SDBbot C2 server",
"pattern": "[domain-name:value = 'xbox-ms-store-debug.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2021-02-08T15:06:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}